Re: WPA regression

Jared D. McNeill --> current-users (2008-01-31 16:42:48 -0500):
> Some more information -- I'm on the road and my laptop was nuking a
> nearby WRT54G v6 every few minutes. I changed the configuration on the
> AP from TKIP to AES and it's working like a champ now.
Hmm, when using CCMP (AES) instead of TKIP with hostapd, I can't get
wpa_supplicant to work at all. It seems to loop forever trying to
authenticate without success:
$ wpa_cli
wpa_cli v0.6.2
[...]
Selected interface 'ath0'
Interactive mode
> status
20:13:42.974: wpa_state=SCANNING
> 20:13:47.014: Trying to associate with 00:0b:6b:20:38:50 (SSID='BS110'
> freq=2412 MHz)
20:13:47.014: Associated with 00:0b:6b:20:38:50
20:13:52.066: CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
20:13:57.117: Authentication with 00:00:00:00:00:00 timed out.
20:14:06.210: Trying to associate with 00:0b:6b:20:38:50 (SSID='BS110'
freq=2412 MHz)
20:14:06.210: Associated with 00:0b:6b:20:38:50
20:14:11.262: CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
20:14:16.314: Authentication with 00:00:00:00:00:00 timed out.
[...]
However, after switching back to TKIP again, it seems that I found a
way to work around the GTK rekeying timeout problem I originally
reported: if I start wpa_cli(8) in interactive mode (default) after
wpa_supplicant has been started, GTK rekeying does _not_ timeout (and
thus the network stays up). Neither do I understand why this causes
rekeying to succeed, nor can I proove that it always works - but without
a running wpa_cli, 50 out of 50 monitored rekeyings failed, and with
a running wpa_cli, all so far ~40 rekeyings succeeded...
Any hints about how I should try to debug this?
Regards, Jukka
--
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~